Loading...
1/*
2 * security/tomoyo/securityfs_if.c
3 *
4 * Copyright (C) 2005-2011 NTT DATA CORPORATION
5 */
6
7#include <linux/security.h>
8#include "common.h"
9
10/**
11 * tomoyo_check_task_acl - Check permission for task operation.
12 *
13 * @r: Pointer to "struct tomoyo_request_info".
14 * @ptr: Pointer to "struct tomoyo_acl_info".
15 *
16 * Returns true if granted, false otherwise.
17 */
18static bool tomoyo_check_task_acl(struct tomoyo_request_info *r,
19 const struct tomoyo_acl_info *ptr)
20{
21 const struct tomoyo_task_acl *acl = container_of(ptr, typeof(*acl),
22 head);
23 return !tomoyo_pathcmp(r->param.task.domainname, acl->domainname);
24}
25
26/**
27 * tomoyo_write_self - write() for /sys/kernel/security/tomoyo/self_domain interface.
28 *
29 * @file: Pointer to "struct file".
30 * @buf: Domainname to transit to.
31 * @count: Size of @buf.
32 * @ppos: Unused.
33 *
34 * Returns @count on success, negative value otherwise.
35 *
36 * If domain transition was permitted but the domain transition failed, this
37 * function returns error rather than terminating current thread with SIGKILL.
38 */
39static ssize_t tomoyo_write_self(struct file *file, const char __user *buf,
40 size_t count, loff_t *ppos)
41{
42 char *data;
43 int error;
44 if (!count || count >= TOMOYO_EXEC_TMPSIZE - 10)
45 return -ENOMEM;
46 data = kzalloc(count + 1, GFP_NOFS);
47 if (!data)
48 return -ENOMEM;
49 if (copy_from_user(data, buf, count)) {
50 error = -EFAULT;
51 goto out;
52 }
53 tomoyo_normalize_line(data);
54 if (tomoyo_correct_domain(data)) {
55 const int idx = tomoyo_read_lock();
56 struct tomoyo_path_info name;
57 struct tomoyo_request_info r;
58 name.name = data;
59 tomoyo_fill_path_info(&name);
60 /* Check "task manual_domain_transition" permission. */
61 tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE);
62 r.param_type = TOMOYO_TYPE_MANUAL_TASK_ACL;
63 r.param.task.domainname = &name;
64 tomoyo_check_acl(&r, tomoyo_check_task_acl);
65 if (!r.granted)
66 error = -EPERM;
67 else {
68 struct tomoyo_domain_info *new_domain =
69 tomoyo_assign_domain(data, true);
70 if (!new_domain) {
71 error = -ENOENT;
72 } else {
73 struct cred *cred = prepare_creds();
74 if (!cred) {
75 error = -ENOMEM;
76 } else {
77 struct tomoyo_domain_info *old_domain =
78 cred->security;
79 cred->security = new_domain;
80 atomic_inc(&new_domain->users);
81 atomic_dec(&old_domain->users);
82 commit_creds(cred);
83 error = 0;
84 }
85 }
86 }
87 tomoyo_read_unlock(idx);
88 } else
89 error = -EINVAL;
90out:
91 kfree(data);
92 return error ? error : count;
93}
94
95/**
96 * tomoyo_read_self - read() for /sys/kernel/security/tomoyo/self_domain interface.
97 *
98 * @file: Pointer to "struct file".
99 * @buf: Domainname which current thread belongs to.
100 * @count: Size of @buf.
101 * @ppos: Bytes read by now.
102 *
103 * Returns read size on success, negative value otherwise.
104 */
105static ssize_t tomoyo_read_self(struct file *file, char __user *buf,
106 size_t count, loff_t *ppos)
107{
108 const char *domain = tomoyo_domain()->domainname->name;
109 loff_t len = strlen(domain);
110 loff_t pos = *ppos;
111 if (pos >= len || !count)
112 return 0;
113 len -= pos;
114 if (count < len)
115 len = count;
116 if (copy_to_user(buf, domain + pos, len))
117 return -EFAULT;
118 *ppos += len;
119 return len;
120}
121
122/* Operations for /sys/kernel/security/tomoyo/self_domain interface. */
123static const struct file_operations tomoyo_self_operations = {
124 .write = tomoyo_write_self,
125 .read = tomoyo_read_self,
126};
127
128/**
129 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface.
130 *
131 * @inode: Pointer to "struct inode".
132 * @file: Pointer to "struct file".
133 *
134 * Returns 0 on success, negative value otherwise.
135 */
136static int tomoyo_open(struct inode *inode, struct file *file)
137{
138 const int key = ((u8 *) file_inode(file)->i_private)
139 - ((u8 *) NULL);
140 return tomoyo_open_control(key, file);
141}
142
143/**
144 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
145 *
146 * @file: Pointer to "struct file".
147 *
148 */
149static int tomoyo_release(struct inode *inode, struct file *file)
150{
151 tomoyo_close_control(file->private_data);
152 return 0;
153}
154
155/**
156 * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface.
157 *
158 * @file: Pointer to "struct file".
159 * @wait: Pointer to "poll_table". Maybe NULL.
160 *
161 * Returns POLLIN | POLLRDNORM | POLLOUT | POLLWRNORM if ready to read/write,
162 * POLLOUT | POLLWRNORM otherwise.
163 */
164static unsigned int tomoyo_poll(struct file *file, poll_table *wait)
165{
166 return tomoyo_poll_control(file, wait);
167}
168
169/**
170 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface.
171 *
172 * @file: Pointer to "struct file".
173 * @buf: Pointer to buffer.
174 * @count: Size of @buf.
175 * @ppos: Unused.
176 *
177 * Returns bytes read on success, negative value otherwise.
178 */
179static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count,
180 loff_t *ppos)
181{
182 return tomoyo_read_control(file->private_data, buf, count);
183}
184
185/**
186 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface.
187 *
188 * @file: Pointer to "struct file".
189 * @buf: Pointer to buffer.
190 * @count: Size of @buf.
191 * @ppos: Unused.
192 *
193 * Returns @count on success, negative value otherwise.
194 */
195static ssize_t tomoyo_write(struct file *file, const char __user *buf,
196 size_t count, loff_t *ppos)
197{
198 return tomoyo_write_control(file->private_data, buf, count);
199}
200
201/*
202 * tomoyo_operations is a "struct file_operations" which is used for handling
203 * /sys/kernel/security/tomoyo/ interface.
204 *
205 * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR).
206 * See tomoyo_io_buffer for internals.
207 */
208static const struct file_operations tomoyo_operations = {
209 .open = tomoyo_open,
210 .release = tomoyo_release,
211 .poll = tomoyo_poll,
212 .read = tomoyo_read,
213 .write = tomoyo_write,
214 .llseek = noop_llseek,
215};
216
217/**
218 * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory.
219 *
220 * @name: The name of the interface file.
221 * @mode: The permission of the interface file.
222 * @parent: The parent directory.
223 * @key: Type of interface.
224 *
225 * Returns nothing.
226 */
227static void __init tomoyo_create_entry(const char *name, const umode_t mode,
228 struct dentry *parent, const u8 key)
229{
230 securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key,
231 &tomoyo_operations);
232}
233
234/**
235 * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
236 *
237 * Returns 0.
238 */
239static int __init tomoyo_initerface_init(void)
240{
241 struct dentry *tomoyo_dir;
242
243 /* Don't create securityfs entries unless registered. */
244 if (current_cred()->security != &tomoyo_kernel_domain)
245 return 0;
246
247 tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
248 tomoyo_create_entry("query", 0600, tomoyo_dir,
249 TOMOYO_QUERY);
250 tomoyo_create_entry("domain_policy", 0600, tomoyo_dir,
251 TOMOYO_DOMAINPOLICY);
252 tomoyo_create_entry("exception_policy", 0600, tomoyo_dir,
253 TOMOYO_EXCEPTIONPOLICY);
254 tomoyo_create_entry("audit", 0400, tomoyo_dir,
255 TOMOYO_AUDIT);
256 tomoyo_create_entry(".process_status", 0600, tomoyo_dir,
257 TOMOYO_PROCESS_STATUS);
258 tomoyo_create_entry("stat", 0644, tomoyo_dir,
259 TOMOYO_STAT);
260 tomoyo_create_entry("profile", 0600, tomoyo_dir,
261 TOMOYO_PROFILE);
262 tomoyo_create_entry("manager", 0600, tomoyo_dir,
263 TOMOYO_MANAGER);
264 tomoyo_create_entry("version", 0400, tomoyo_dir,
265 TOMOYO_VERSION);
266 securityfs_create_file("self_domain", 0666, tomoyo_dir, NULL,
267 &tomoyo_self_operations);
268 tomoyo_load_builtin_policy();
269 return 0;
270}
271
272fs_initcall(tomoyo_initerface_init);
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * security/tomoyo/securityfs_if.c
4 *
5 * Copyright (C) 2005-2011 NTT DATA CORPORATION
6 */
7
8#include <linux/security.h>
9#include "common.h"
10
11/**
12 * tomoyo_check_task_acl - Check permission for task operation.
13 *
14 * @r: Pointer to "struct tomoyo_request_info".
15 * @ptr: Pointer to "struct tomoyo_acl_info".
16 *
17 * Returns true if granted, false otherwise.
18 */
19static bool tomoyo_check_task_acl(struct tomoyo_request_info *r,
20 const struct tomoyo_acl_info *ptr)
21{
22 const struct tomoyo_task_acl *acl = container_of(ptr, typeof(*acl),
23 head);
24 return !tomoyo_pathcmp(r->param.task.domainname, acl->domainname);
25}
26
27/**
28 * tomoyo_write_self - write() for /sys/kernel/security/tomoyo/self_domain interface.
29 *
30 * @file: Pointer to "struct file".
31 * @buf: Domainname to transit to.
32 * @count: Size of @buf.
33 * @ppos: Unused.
34 *
35 * Returns @count on success, negative value otherwise.
36 *
37 * If domain transition was permitted but the domain transition failed, this
38 * function returns error rather than terminating current thread with SIGKILL.
39 */
40static ssize_t tomoyo_write_self(struct file *file, const char __user *buf,
41 size_t count, loff_t *ppos)
42{
43 char *data;
44 int error;
45 if (!count || count >= TOMOYO_EXEC_TMPSIZE - 10)
46 return -ENOMEM;
47 data = memdup_user_nul(buf, count);
48 if (IS_ERR(data))
49 return PTR_ERR(data);
50 tomoyo_normalize_line(data);
51 if (tomoyo_correct_domain(data)) {
52 const int idx = tomoyo_read_lock();
53 struct tomoyo_path_info name;
54 struct tomoyo_request_info r;
55 name.name = data;
56 tomoyo_fill_path_info(&name);
57 /* Check "task manual_domain_transition" permission. */
58 tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE);
59 r.param_type = TOMOYO_TYPE_MANUAL_TASK_ACL;
60 r.param.task.domainname = &name;
61 tomoyo_check_acl(&r, tomoyo_check_task_acl);
62 if (!r.granted)
63 error = -EPERM;
64 else {
65 struct tomoyo_domain_info *new_domain =
66 tomoyo_assign_domain(data, true);
67 if (!new_domain) {
68 error = -ENOENT;
69 } else {
70 struct cred *cred = prepare_creds();
71 if (!cred) {
72 error = -ENOMEM;
73 } else {
74 struct tomoyo_domain_info *old_domain =
75 cred->security;
76 cred->security = new_domain;
77 atomic_inc(&new_domain->users);
78 atomic_dec(&old_domain->users);
79 commit_creds(cred);
80 error = 0;
81 }
82 }
83 }
84 tomoyo_read_unlock(idx);
85 } else
86 error = -EINVAL;
87 kfree(data);
88 return error ? error : count;
89}
90
91/**
92 * tomoyo_read_self - read() for /sys/kernel/security/tomoyo/self_domain interface.
93 *
94 * @file: Pointer to "struct file".
95 * @buf: Domainname which current thread belongs to.
96 * @count: Size of @buf.
97 * @ppos: Bytes read by now.
98 *
99 * Returns read size on success, negative value otherwise.
100 */
101static ssize_t tomoyo_read_self(struct file *file, char __user *buf,
102 size_t count, loff_t *ppos)
103{
104 const char *domain = tomoyo_domain()->domainname->name;
105 loff_t len = strlen(domain);
106 loff_t pos = *ppos;
107 if (pos >= len || !count)
108 return 0;
109 len -= pos;
110 if (count < len)
111 len = count;
112 if (copy_to_user(buf, domain + pos, len))
113 return -EFAULT;
114 *ppos += len;
115 return len;
116}
117
118/* Operations for /sys/kernel/security/tomoyo/self_domain interface. */
119static const struct file_operations tomoyo_self_operations = {
120 .write = tomoyo_write_self,
121 .read = tomoyo_read_self,
122};
123
124/**
125 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface.
126 *
127 * @inode: Pointer to "struct inode".
128 * @file: Pointer to "struct file".
129 *
130 * Returns 0 on success, negative value otherwise.
131 */
132static int tomoyo_open(struct inode *inode, struct file *file)
133{
134 const int key = ((u8 *) file_inode(file)->i_private)
135 - ((u8 *) NULL);
136 return tomoyo_open_control(key, file);
137}
138
139/**
140 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
141 *
142 * @file: Pointer to "struct file".
143 *
144 */
145static int tomoyo_release(struct inode *inode, struct file *file)
146{
147 tomoyo_close_control(file->private_data);
148 return 0;
149}
150
151/**
152 * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface.
153 *
154 * @file: Pointer to "struct file".
155 * @wait: Pointer to "poll_table". Maybe NULL.
156 *
157 * Returns EPOLLIN | EPOLLRDNORM | EPOLLOUT | EPOLLWRNORM if ready to read/write,
158 * EPOLLOUT | EPOLLWRNORM otherwise.
159 */
160static __poll_t tomoyo_poll(struct file *file, poll_table *wait)
161{
162 return tomoyo_poll_control(file, wait);
163}
164
165/**
166 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface.
167 *
168 * @file: Pointer to "struct file".
169 * @buf: Pointer to buffer.
170 * @count: Size of @buf.
171 * @ppos: Unused.
172 *
173 * Returns bytes read on success, negative value otherwise.
174 */
175static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count,
176 loff_t *ppos)
177{
178 return tomoyo_read_control(file->private_data, buf, count);
179}
180
181/**
182 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface.
183 *
184 * @file: Pointer to "struct file".
185 * @buf: Pointer to buffer.
186 * @count: Size of @buf.
187 * @ppos: Unused.
188 *
189 * Returns @count on success, negative value otherwise.
190 */
191static ssize_t tomoyo_write(struct file *file, const char __user *buf,
192 size_t count, loff_t *ppos)
193{
194 return tomoyo_write_control(file->private_data, buf, count);
195}
196
197/*
198 * tomoyo_operations is a "struct file_operations" which is used for handling
199 * /sys/kernel/security/tomoyo/ interface.
200 *
201 * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR).
202 * See tomoyo_io_buffer for internals.
203 */
204static const struct file_operations tomoyo_operations = {
205 .open = tomoyo_open,
206 .release = tomoyo_release,
207 .poll = tomoyo_poll,
208 .read = tomoyo_read,
209 .write = tomoyo_write,
210 .llseek = noop_llseek,
211};
212
213/**
214 * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory.
215 *
216 * @name: The name of the interface file.
217 * @mode: The permission of the interface file.
218 * @parent: The parent directory.
219 * @key: Type of interface.
220 *
221 * Returns nothing.
222 */
223static void __init tomoyo_create_entry(const char *name, const umode_t mode,
224 struct dentry *parent, const u8 key)
225{
226 securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key,
227 &tomoyo_operations);
228}
229
230/**
231 * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
232 *
233 * Returns 0.
234 */
235static int __init tomoyo_initerface_init(void)
236{
237 struct dentry *tomoyo_dir;
238
239 /* Don't create securityfs entries unless registered. */
240 if (current_cred()->security != &tomoyo_kernel_domain)
241 return 0;
242
243 tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
244 tomoyo_create_entry("query", 0600, tomoyo_dir,
245 TOMOYO_QUERY);
246 tomoyo_create_entry("domain_policy", 0600, tomoyo_dir,
247 TOMOYO_DOMAINPOLICY);
248 tomoyo_create_entry("exception_policy", 0600, tomoyo_dir,
249 TOMOYO_EXCEPTIONPOLICY);
250 tomoyo_create_entry("audit", 0400, tomoyo_dir,
251 TOMOYO_AUDIT);
252 tomoyo_create_entry(".process_status", 0600, tomoyo_dir,
253 TOMOYO_PROCESS_STATUS);
254 tomoyo_create_entry("stat", 0644, tomoyo_dir,
255 TOMOYO_STAT);
256 tomoyo_create_entry("profile", 0600, tomoyo_dir,
257 TOMOYO_PROFILE);
258 tomoyo_create_entry("manager", 0600, tomoyo_dir,
259 TOMOYO_MANAGER);
260 tomoyo_create_entry("version", 0400, tomoyo_dir,
261 TOMOYO_VERSION);
262 securityfs_create_file("self_domain", 0666, tomoyo_dir, NULL,
263 &tomoyo_self_operations);
264 tomoyo_load_builtin_policy();
265 return 0;
266}
267
268fs_initcall(tomoyo_initerface_init);